#! /bin/bash

error=0 ; trap "error=$((error|1))" ERR

# add a user account:hmuser
if ! $ROOTCMD getent passwd hmuser ; then
    $ROOTCMD adduser -c "HUMAN USER" hmuser
    $ROOTCMD usermod -p '$1$.cWiG8mO$FXN7lZaghXxjZnhshvqfm/' hmuser
    sed -i '/^root/a\hmuser    ALL=(ALL:ALL) ALL' $target/etc/sudoers
fi

# enable graphical login screen, make run level 5 as default
if [ -f $target/usr/sbin/gdm ]; then
    sed -i -e 's/id:3:initdefault:/id:5:initdefault:/' $target/etc/inittab
    # do not run this tool
    echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
fi
fcopy /etc/systemd/system.conf
ainsl -a /etc/modprobe.d/blacklist-storage.conf 'blacklist usb-storage'
ainsl -a /etc/modprobe.d/blacklist-storage.conf 'blacklist firewire-ohci'
#ainsl -a /etc/modprobe.d/blacklist-storage.conf 'blacklist floppy'
ainsl -a /etc/modprobe.d/blacklist-pcspkr.conf 'blacklist pcspkr'
ainsl -a /etc/modprobe.d/blacklist-bluetooth.conf 'blacklist bluetooth'

sed -i "s/net.ipv4.tcp_congestion_control.*$/net.ipv4.tcp_congestion_control=dctcp/" $target/etc/sysctl.conf
#sed -i "s/#kernel.unprivileged_bpf_disabled/kernel.unprivileged_bpf_disabled/" $target/etc/sysctl.conf

ln -sf /dev/null $target/etc/systemd/system/multi-user.target.wants/kdump.service
ln -sf /dev/null $target/etc/systemd/system/ip6tables.service
#ln -sf /dev/null $target/etc/systemd/system/gssproxy.service
#ln -sf /dev/null $target/etc/systemd/system/polkit.service
#ln -sf /dev/null $target/etc/systemd/system/network-online.service
unlink $target/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service
unlink $target/etc/systemd/system/basic.target.wants/firewalld.service
unlink $target/etc/systemd/system/multi-user.target.wants/firewalld.service
#unlink $target/etc/systemd/system/multi-user.target.wants/wpa_supplicant.service
#unlink $target/etc/systemd/system/multi-user.target.wants/auditd.service
unlink $target/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service
unlink $target/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service
#unlink $target/etc/systemd/system/multi-user.target.wants/NetworkManager.service
#unlink $target/etc/systemd/system/multi-user.target.wants/tuned.service
unlink $target/etc/systemd/system/multi-user.target.wants/smartd.service
unlink $target/etc/systemd/system/multi-user.target.wants/lm_sensors.service
unlink $target/etc/systemd/system/multi-user.target.wants/ntpd.service
$ROOTCMD chkconfig network on
#enable rsyslogd
ln -sf /usr/lib/systemd/system/rsyslog.service $target/etc/systemd/system/multi-user.target.wants/rsyslog.service
ln -sf /usr/lib/systemd/system/nscd.service $target/etc/systemd/system/multi-user.target.wants/nscd.service
ln -sf /usr/lib/systemd/system/systemd-timedated.service $target/etc/systemd/system/systemd-timedated.service
ln -sf /usr/lib/systemd/system/irqbalance.service $target/etc/systemd/system/multi-user.target.wants/irqbalance.service
sed -i 's/^After=.*$/After=network.service\ sshd-keygen.service/' $target/usr/lib/systemd/system/sshd.service
#sed -i s/^#ListenAddress.*$/ListenAddress\ 0.0.0.0/ $target/etc/ssh/sshd_config
#ainsl -a /etc/sysconfig/irqbalance 'ENABLED="0"'
ainsl /etc/ssh/ssh_config 'HashKnownHosts yes'
#ainsl /etc/ssh/ssh_config 'Compression yes'
ainsl /etc/ssh/ssh_config 'ServerAliveInterval 60'
ainsl /etc/ssh/ssh_config 'ServerAliveCountMax 5'
ainsl /etc/ssh/ssh_config 'ControlMaster auto'
ainsl /etc/ssh/ssh_config 'ControlPath /tmp/ssh_mux_%h_%p_%r'
ainsl /etc/ssh/ssh_config 'ControlPersist 1h'
       
sed -i 's/#Protocol 2/Protocol 2/' $target/etc/ssh/sshd_config
sed -i 's/^#PermitRootLogin.*$/PermitRootLogin without-password/' $target/etc/ssh/sshd_config
sed -i 's/#PrintLastLog.*$/PrintLastLog yes/' $target/etc/ssh/sshd_config
sed -i 's/X11Forwarding yes/X11Forwarding no/' $target/etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' $target/etc/ssh/sshd_config
ainsl /etc/ssh/sshd_config 'UseDNS no'
#ainsl /etc/ssh/sshd_config 'PrintMotd no'
#sed -i 's/^.*pam_motd.so/#&/' $target/etc/pam.d/sshd
ainsl /etc/bashrc 'force_color_prompt=yes'
fcopy -iv /etc/systemd/timesyncd.conf
#time setting
#sed -i s/NTPDATE_USE_NTP_CONF=yes/NTPDATE_USE_NTP_CONF=no/ $target/etc/default/ntpdate
[ -n "$NTPSRVS" ] && sed -i /#Servers/a\Servers="$NTPSRVS" $target/etc/systemd/timesyncd.conf
$ROOTCMD ln -sf /lib/systemd/system/systemd-timesyncd.service /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
$ROOTCMD systemctl start systemd-timedated
$ROOTCMD timedatectl set-ntp true
sed -i '/^driftfile/a\interface ignore wildcard' $target/etc/ntp.conf
[ -n "$LOGSRV" ] && ainsl -a -q /etc/rsyslog.conf "*.*@$LOGSRV:514"

if ifclass GNOME_FC30; then
    $ROOTCMD systemctl enable gdm
fi

#enable zfs
ainsl -a /etc/modules-load.d/zfs.conf 'zfs'
$ROOTCMD systemctl preset zfs-import-cache zfs-import-scan zfs-import.target zfs-mount zfs-share zfs-zed zfs.target

exit $error
